CVE-2013-10029 – Exit Box Lite Plugin wordpress-exit-box-lite.php exitboxadmin cross-site request forgery
https://notcve.org/view.php?id=CVE-2013-10029
28 May 2013 — A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this vulnerability is the function exitboxadmin of the file wordpress-exit-box-lite.php. ... A problematic vulnerability was discovered in Exit Box Lite Plugin up to 1.06 for WordPress. It affects the function exitboxadmin of the file wordpress-exit-box-lite.php. ... The WordPress Exit Box Lite plugin for WordPress is vulnerable to Cross-Site Request ... • https://github.com/wp-plugins/wordpress-exit-box-lite/commit/fad26701addb862c51baf85c6e3cc136aa79c309 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2013-10023 – Editorial Calendar Plugin edcal.php edcal_filter_where sql injection
https://notcve.org/view.php?id=CVE-2013-10023
13 Feb 2013 — A vulnerability was found in Editorial Calendar Plugin up to 2.6 on WordPress. ... A critical vulnerability was identified in Editorial Calendar Plugin up to 2.6 for WordPress. ... The Editorial Calendar plugin for WordPress is vulnerable to SQL Injection via post start and end dates in all versions up to, and including, 2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. • https://github.com/wp-plugins/editorial-calendar/commit/a9277f13781187daee760b4dfd052b1b68e101cc • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2012-10015 – BestWebSoft Twitter Plugin Settings Page twitter.php twttr_settings_page cross-site request forgery
https://notcve.org/view.php?id=CVE-2012-10015
24 Jul 2012 — A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. ... A problematic vulnerability was identified in BestWebSoft Twitter Plugin up to 2.14 for WordPress. ... BestWebSoft's Twitter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.14. • https://github.com/wp-plugins/twitter-plugin/commit/a6d4659cbb2cbf18ccb0fb43549d5113d74e0146 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2012-10017 – BestWebSoft Portfolio Plugin cross-site request forgery
https://notcve.org/view.php?id=CVE-2012-10017
24 Jul 2012 — A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. ... A vulnerability was identified in BestWebSoft Portfolio Plugin up to 2.04 for WordPress. ... The Portfolio Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.04. • https://github.com/wp-plugins/portfolio/commit/68af950330c3202a706f0ae9bbb52ceaa17dda9d • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2012-10011 – HD FLV PLayer Plugin functions.php hd_update_media sql injection
https://notcve.org/view.php?id=CVE-2012-10011
12 Jun 2012 — A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPress. ... A critical vulnerability was identified in HD FLV PLayer Plugin up to 1.7 for WordPress. ... The HD FLV Player plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadfile function in versions up to, and including, 1.7. • https://github.com/wp-plugins/contus-hd-flv-player/commit/34d66b9f3231a0e2dc0e536a6fe615d736e863f7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2012-3575 – RBX Gallery < 3.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-3575
08 Jun 2012 — Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider. Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress. ... Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin before 3.1 for WordPress... • http://www.opensyscom.fr/Actualites/wordpress-plugins-rbx-gallery-multiple-arbitrary-file-upload-vulnerability.html • CWE-264: Permissions, Privileges, and Access Controls CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2012-2399 – WordPress Core <= 3.5.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2399
21 Apr 2012 — Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414. Unspecified vulnerability in wp-includes/js/swfupload/swfupload.swf in WordPress before v3.3.2 has unknown impact and attack vectors. • http://wordpress.org/news/2012/04/wordpress-3-3-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2400 – WordPress Core < 3.3.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2400
20 Apr 2012 — Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors. • http://wordpress.org/news/2012/04/wordpress-3-3-2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4033 – Zingiri Web Shop < 2.4.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4033
18 Apr 2012 — Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors. The Zingiri Web Shop plugin for WordPress has multiple vulnerabilities in versions up to, and including, 2.3.7. • http://wordpress.org/extend/plugins/zingiri-web-shop/changelog • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2012-4874 – WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds < 2.0 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2012-4874
03 Apr 2012 — Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads." Unspecified vulnerability in the Another WordPress Classifieds plugin before v2.0 has unknown impact and attack vectors similar to "image files." The WordPress Classifieds Plugin – Ad Directory & Listings by AWP Classifieds plugin for WordPress is vulnerable to arbitrary file uploads due... • http://wordpress.org/extend/plugins/another-wordpress-classifieds-plugin/changelog • CWE-434: Unrestricted Upload of File with Dangerous Type •